I noticed a lot of people were trying to hack my server via SSH, almost three times a day. The IP addresses of the attackers were from China and some East European countries. But I block SSH now, and since then no troubles.

They gained *root* access? Ouch, that doesn't sound like a very secure setup.

Netcraft's "what's that site running" shows that until a few days ago they were running a version of Apache that was 2 and a half years old, which implies that they probably don't keep their systems up to date in general, which implies that their IT sucks. Even Microsoft can keep their website up, and Microsoft are not known for having top-notch security. Guys like Google, News24 etc. can keep their sites up.

The fact is ALL websites are continually under attack from hackers. All of them, all the time. Most attacks are automated. If your IT sucks, you will suffer.

Unfortunately it's very hard finding good IT people, especially in South Africa. The quality of the graduates from our universities is *****ing terrible, and the small number of smart folks that manage to come out with skills in spite of how bad the system is, leave for greener pastures overseas.

I don't sympathize with their IT. I do sympathize with Mail and Guardian in that they probably have a hard time finding good IT people, and end up having to rely on morons, 'cos that's the best that's out there.

Could have seen this coming! The other day when they had that hack whereby they distributed that spyware (can't remember the details, but was in a M&G article, lol), I fingerprinted their web server and it was running PHP 5.2.6'ish ... a 2-year-old version, I think... Chances are the Apache it was running on was just as old. Old Apache/PHP versions aren't known for being super secure. The only surprise here is that it wasn't hacked earlier!

There is always a way. People will always find an exploit etc. Sometimes it could take months.

Technically yes; in practice, no, there isn't really "always a way"; if there was, all major websites would be frequently down from attacks.

99% of hacking uses known exploits, which can be prevented relatively "trivially" by any admin with half a brain by simply keeping all systems up to date, and following bulletins of the latest exploits.

90% of hacking is automated. All sites are continually under attack. If your software is up to date, and you don't have any other obvious stupid holes, you can sleep easy at night, it won't take "months", it will take "indefinitely", because an automated hack targeting a patched exploit can go on for years with no problem - it's not a matter of time, it's a matter of "either you're vulnerable or you're not", i.e. "either the attempt will succeed the very first time, or it will never succeed" (the only type of target hacking attempt that might really go on "months" would be things like brute-force password checks, which can also be easily circumvented by even a half-competent IT admin: Use strong passwords ALWAYS, and turn off password login on services like SSH). It is naive IT admins who see these attempts in their logs and go "oh n0e5 we're under attack!" ... um, nope, it's just some automated script looking for known exploits that you should've patched.

0.1% of hackers actually try to find new exploits, and it's rare to see these be used. Also, if you're worth your salt as an IT admin, newly published exploits won't cause major problems either, because you just keep on top of the patches and go on your way. If the site gets hacked, restore from backup, and continue on your way.

The only hacking that is truly difficult to prevent is those that use unpublished new exploits. That is such a tiny minority, and the people doing that are usually farming their skills out to criminal enterprises. I doubt they care about Mail and Guardian specifically.
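Added example, not part of the original posts: a small check that password login really is off in an `sshd_config`, which the reply above recommends. The function name and both sample configs are constructed for illustration; it assumes a single file with no `Include` lines, and models sshd's rule that the first value seen for a keyword wins.

```python
import re

# Defaults from sshd_config(5): both keywords default to "yes".
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
# Older name for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
LINE = re.compile(r"^\s*([A-Za-z]+)[\s=]+(.+?)\s*$")

# Constructed samples. In WEAK the admin appended "no" after an earlier "yes".
WEAK = """\
# constructed sample
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
"""
HARDENED = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""

def audit_sshd_config(text):
    """Return a list of findings about password-based SSH login."""
    glob = {}          # global section: first value seen wins, as in sshd
    findings = []
    match_ctx = None   # criteria of the Match block we are in, if any
    for n, raw in enumerate(text.splitlines(), 1):
        m = None if raw.lstrip().startswith("#") else LINE.match(raw)
        if not m:
            continue
        key, val = m.group(1).lower(), m.group(2)
        key = ALIASES.get(key, key)
        if key == "match":
            match_ctx = val
        elif key in DEFAULTS:
            val = val.split()[0].lower()
            if match_ctx is None:
                glob.setdefault(key, val)
            elif val != "no":  # a Match block re-enabling password login
                findings.append(f"line {n}: {key}={val} inside 'Match {match_ctx}'")
    for key, default in DEFAULTS.items():
        val = glob.get(key, default)
        if val != "no":
            origin = "set" if key in glob else "default"
            findings.append(f"global {key}={val} ({origin})")
    return findings
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the script is for reviewing a config file offline.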

I don't sympathize with their IT. I do sympathize with Mail and Guardian in that they probably have a hard time finding good IT people, and end up having to rely on morons, 'cos that's the best that's out there.

If you can't find someone who can keep your systems patched, you really haven't tried looking hard enough. You don't need "good IT people" for that, you just need someone who's not functionally retarded and who doesn't try and eat the keyboard keys, thinking they're sweeties.